Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application. The only changes to the claims made herein appear in Claim 13. 

Listing of Claims:

1. (Previously Presented) A method of enabling at least one pervasive device to 
retrieve at least one authentication token from at least one personal authentication 
gateway, the at least one pervasive device comprising at least one automatic token client 
application and the at least one personal authentication gateway comprising at least one 
token server application, said method comprising the steps of: 

ascertaining at least one personal authentication gateway from at least one 
pervasive device by broadcasting a pervasive authentication domain discovery request 
message and receiving at least one discovery response message from the at least one 
personal authentication gateway; 

sending at least one token request from the at least one pervasive device to the at 
least one personal authentication gateway; and, 

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device is authorized, the at least 
one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 

2. (Cancelled) The method according to claim 1, wherein said ascertaining step 
comprises broadcasting a pervasive authentication domain discovery request message and 
receiving at least one discovery response message from the at least one personal 
authentication gateway. 

3. (Original) The method according to claim 1, wherein said ascertaining step 
comprises looking up a personal authentication gateway address in configuration settings. 

4. (Original) The method according to claim 1, wherein the at least one token 
request comprises a pervasive device identification, a message type, and a protection 
arrangement for fields of the at least one token request, the protection arrangement being 
adapted to ensure integrity and confidentiality. 

5. (Original) The method according to claim 1, wherein said receiving step 
comprises storing received credentials for use by other applications. 

6. (Cancelled) The method according to claim 1, further comprising the step 
of registering a pervasive device to be a member of a pervasive authentication domain by 
registering with a personal authentication gateway. 

7. (Previously Presented) A method of enabling at least one personal 
authentication gateway to distribute at least one authentication token to at least one 
authorized pervasive device, the at least one personal authentication gateway comprising 
at least one token server and the at least one pervasive device comprising at least one 
automatic token client, said method comprising the steps of: 

receiving at least one token request from at least one pervasive device on at least 
one personal authentication gateway, wherein the at least one pervasive device broadcasts 
a pervasive authentication domain discovery request message to the at least one personal 
authentication gateway; 

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered as a 
member of the pervasive authentication domain; and 

ascertaining whether the at least one pervasive device is within a given 
distance of the gateway as measured by signal strength of wireless 
communication, wherein said gateway is integrated on a combined pervasive 
device; and 

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway, wherein said sending step comprises the at 
least one personal authentication gateway responding to a pervasive authentication 
domain discovery message from the at least one pervasive device. 

8. (Cancelled) The method according to claim 7, wherein said sending step 
comprises the at least one personal authentication gateway responding to a pervasive 
authentication domain discovery message from the at least one pervasive device. 

9. (Cancelled) The method according to claim 8; wherein: said at least one 
personal authentication gateway has a pervasive authentication domain; sending step 
comprises sending the at least one token response only if the pervasive device 
identification for the pervasive authentication domain discovery message is a member of 
the pervasive authentication domain of the at least one personal authentication gateway. 

10. (Original) The method according to claim 7, wherein said receiving step 
comprises: determining the pervasive device identification of the at least one token 
request; deriving at least one pervasive authentication domain for the at least one 
pervasive device; and retrieving at least one authentication token for the pervasive 
device. 

11. (Original) The method according to claim 7, wherein the at least one token 
response sent comprises of a pervasive device identification, the message type, 
authentication tokens, and a protection arrangement for fields of the at least one token 
response, the protection arrangement being adapted to ensure integrity and 
confidentiality. 

12. (Cancelled) The method according to claim 7, further comprising the step 
of registering a pervasive device to be a member of a pervasive authentication domain by 
registering with a personal authentication gateway. 

13. (Currently Amended) The method according to claim 7, wherein said 
registering step comprises: entering the same random password on the pervasive device 
and the personal authentication gateway; generating on the personal authentication 
gateway an encryption key, Slave_ID_Secret, which is encrypted by the random 
password; transferring the protected key to the pervasive device and computing a 
fingerprint of the protected key on the personal authentication gateway; and comparing 
the fingerprint of the received and decrypted protected key on the pervasive device. 

14. (Original) The method according to claim 13, wherein the encryption key, 
Slave_ID_Secret, is used as a protection arrangement for token requests and token 
responses. 

15. (Cancelled) The method according to claim 10, wherein said determining step 
comprises validating that the at least one pervasive device has been registered for the at 
least one pervasive authentication domain. 

16. (Cancelled) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device is within a given 
distance of the at least one personal authentication gateway. 

17. (Original) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device has recently made a 
previous request. 

18. (Original) The method according to claim 10, wherein said determining step 
comprises ascertaining whether the at least one pervasive device has not sent a message 
indicating that the at least one pervasive device is no longer to be trusted. 

19. (Previously Presented) An apparatus for enabling at least one pervasive 
device to retrieve at least one authentication token from at least one personal 
authentication gateway, said apparatus comprising: 

a discoverer which finds at least one personal authentication gateway capable of 
responding to token requests; 

a token requestor which sends at least one request for at least one token 
required by the at least one pervasive device; and 

a token responder which accepts at least one token request and sends at least one 
token response with at least one authentication token to the at least one pervasive device 
only if the at least one pervasive device is authorized, the at least one pervasive device 
being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 

20. (Original) The apparatus according to claim 19, wherein the at least one 
token request comprises a pervasive device identification, the message type, at least one 
authentication token, and a protection arrangement for fields of the at least one token 
request, the protection arrangement being adapted to ensure integrity and confidentiality. 

21. (Original) The apparatus according to claim 20, wherein said protection 
arrangement comprises Triple-DES encryption using a long key. 

22. (Original) The apparatus according to claim 21, wherein said long key is a 
secure hash comprised of a master secret known only to the personal authentication 
gateway, a pervasive device identification, and a pervasive authentication domain 
identification. 

23. (Original) The apparatus according to claim 21, wherein said long key is 
distributed to the at least one pervasive device during registration. 

24. (Previously Presented) An apparatus comprising means for enabling at least 
one personal authentication gateway to distribute authentication tokens to at least one 
authorized pervasive device, said apparatus comprising: 

means for registering at least one pervasive device for membership in a pervasive 
authentication domain; 

means for receiving a token request from at least one pervasive device, wherein 
the at least one pervasive device broadcasts a pervasive authentication domain discovery 
request message to the at least one personal authentication gateway; 

means for determining whether the at least one pervasive device is authorized to 
receive authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered as a 
member of the pervasive authentication domain; and 

ascertaining whether the at least one pervasive device is within a given 
distance of the gateway as measured by signal strength of wireless 
communication, wherein said gateway is integrated on a combined pervasive 
device; and 

means for sending at least one token response to the at least one pervasive device 
from the at least one personal authentication gateway. 

25. (Previously Presented) A program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps for enabling at least one pervasive device to retrieve at least one 
authentication token from at least one personal authentication gateway, the at least one 
pervasive device comprising at least one automatic token client application and the at 
least one personal authentication gateway comprising at least one token server 
application, said method comprising the steps of: 

ascertaining at least one personal authentication gateway from the at least one 
pervasive device by broadcasting a pervasive authentication domain discovery request 
message and receiving at least one discovery response message from at least one personal 
authentication gateway; 

sending at least one token request from the at least one pervasive device to the at 
least one personal authentication gateway; and, 

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device is authorized, the at least 
one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 

26. (Previously Presented) A program storage device readable by machine, 
tangibly embodying a program of instructions executable by the machine to perform 
method steps enabling at least one personal authentication gateway to distribute 
authentication tokens to at least one authorized pervasive device, the at least one personal 
authentication gateway comprising at least one token server and the at least one pervasive 
device comprising at least one automatic token client, said method comprising the steps 
of: 

receiving at least one token request from at least one pervasive device on at least 
one personal authentication gateway, wherein the at least one pervasive device broadcasts 
a pervasive authentication domain discovery request message to the at least one personal 
authentication gateway; 

determining whether the at least one pervasive device is authorized to receive 
authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered as a 
member of the pervasive authentication domain; and 

ascertaining whether the at least one pervasive device is within a given 
distance of the gateway as measured by signal strength of wireless 
communication, wherein said gateway is integrated on a combined pervasive 
device; and 

sending at least one token response to the at least one pervasive device from the at 
least one personal authentication gateway. 

27. (Previously Presented) An article of manufacture comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing a computer to effect a method of enabling at least one pervasive device to 
retrieve at least one authentication token from at least one personal authentication 
gateway, the at least one pervasive device comprising at least one automatic token client 
application and the at least one personal authentication gateway comprising at least one 
token server application, said method comprising the steps of: 

ascertaining at least one personal authentication gateway from at least one 
pervasive device by broadcasting a pervasive authentication domain discovery request 
message and receiving at least one discovery response message from at least one personal 
authentication gateway; 

sending at least one token request from the at least one pervasive device to the at 
least one personal authentication gateway, the at least one pervasive device having an 
automatic token client; and, 

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device is authorized, the at least 
one pervasive device being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 

28. (Previously Presented) An article of manufacture comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing a computer to effect a method of enabling at least one personal authentication 
gateway to distribute at least one authentication token to at least one authorized pervasive 
device, the at least one personal authentication gateway comprising at least one token 
server and the at least one pervasive device comprising at least one automatic token 
client, said method comprising the steps of: 

receiving at least one token request from at least one pervasive device on 
at least one personal authentication gateway, wherein the at least one pervasive 
device broadcasts a pervasive authentication domain discovery request message to 
the at least one personal authentication gateway; 

determining whether the at least one pervasive device is authorized to 
receive authentication tokens, wherein said determining step comprises: 

ascertaining if the at least one pervasive device has been registered 
as a member of the pervasive authentication domain; and 

ascertaining whether the at least one pervasive device is within a 
given distance of the gateway as measured by signal strength of wireless 
communication, wherein said gateway is integrated on a combined 
pervasive device; and 

sending at least one token response to the at least one pervasive device from at 
least one personal authentication gateway. 

29. (Previously Presented) A computer program product comprising a computer 
usable medium having computer readable program code means embodied therein for 
causing enablement of at least one pervasive device to obtain authentication tokens from 
at least one personal authentication gateway, the computer readable program code means 
in said computer program product comprising computer readable program code means 
for causing a computer to effect an apparatus for enabling of at least one pervasive device 
to retrieve at least one authentication token from at least one personal authentication 
gateway, said apparatus comprising: 

a discoverer which finds at least one personal authentication gateway capable of 
responding to token requests, wherein at least one pervasive device broadcasts a pervasive 
authentication domain discovery request message to the at least one personal 
authentication gateway; 

a token requestor which sends at least one request for at least one token required 
by at least one pervasive device; and 

a token responder which accepts at least one token request and sends at least one 
token response with at least one authentication token to the at least one pervasive device 
only if the at least one pervasive device is authorized, the at least one pervasive device 
being authorized by the steps comprising: 

registering the at least one pervasive device as a member of a pervasive 
authentication domain; and 

ascertaining if the at least one pervasive device is within a given distance 
of the gateway as measured by signal strength of wireless communication, 
wherein said gateway is integrated on a combined pervasive device. 